Affected-Key-Credentials-Scanner

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This Playbook scans all key credentials in all apps/serviceprincipals in the specified tenant for credentials with property hasExtendedValue == true by calling Microsoft Graph and adds to Azure Sentinel Watchlist

Attribute	Value
Type	Playbook
Solution	Standalone Content
Source	View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	1
`http`	Built-in	0	1

Action parameters (URLs, paths, function IDs)

`azuresentinel` (Managed)

Action	Method	Endpoint	Other
Watchlists_-_Add_a_new_watchlist_item	put	`/Watchlists/subscriptions/@{encodeURIComponent(variables('SubscriptionId'))}/resourceGroups/@{encodeURIComponent(variables('ResourceGroup'))}/workspaces/@{encodeURIComponent(variables('WorkspaceName'))}/watchlists/@{encodeURIComponent(variables('WatchListAlias'))}/watchlistItem`	—

`http` (Built-in)

Action	Method	Endpoint	Other
HTTP	GET	`@{variables('ResourceUrl')}/beta/myorganization/@{variables('ObjectClass')}s?$select=displayName,id,appId,keyCredentials`	—

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks

Affected-Key-Credentials-Scanner

Logic App Connectors

azuresentinel (Managed)

http (Built-in)

`azuresentinel` (Managed)

`http` (Built-in)